EMV Chip Card Technology

The credit card industry in the United States and the world at large is moving to a more secure type of credit card known as the EMV credit card. The new card resembles the old one, but has a metal chip on the front above the card number.

What is EMV?

EMV is the acronym for Europay, Mastercard, & Visa, which are the companies that created the standard. It is considered a superior and safer global standard for credit and debit cards embedded with computer chips and technology for authenticating chip-card transactions. The new technology will change how credit and debit cards are used in most face-to-face transactions, but all else will remain the same. ‘

EMV’s History

Prior to the introduction of the EMV standard, all face-to-face credit and debit card transactions involved the use of either mechanical imprint or magnetic stripe to read and record account data as well as a signature for the purpose of verifying identity. However, this approach had numerous flaws and a higher potential for fraud. The first standard for smart payment cards was deployed in 1986 in France followed by another one in 1989. EMV was initially written in 1993 and 1994. JCB, China UnionPay, and Discover joined the consortium in February 2009, May 2013, and September 2013 respectively.

How Do I Use an EMV Card to Make a Purchase?

EMV cards are processed for payments in 2 steps just like magnetic-stripe cards. The 2 steps are card reading and verification of transaction. To use the EMV card, you use what is referred to as ‘card dipping’ i.e. inserting it into a terminal slot and wait for it to process. The processing involves a flow of data between the issuer to verify its legitimacy and the creation of unique transaction data. The process might not be as fast as a magnetic-stripe swipe, but it is more secure and varies between merchants.

Is Card Dipping the Only Option?

Card dipping is not the only available option since EMV cards also support card reading that doesn’t involve contact referred to as Near Field Communication. Instead of swiping or dipping, you simply tap NFC-enabled cards against a scanner terminal that picks up the card data from the computer chip embedded. All over the world, there’s a push to make EMV cards dual-interface i.e. both contact and contactless, but contact cards are still most prevalent in the United States.

Will I Still Have to Enter a PIN or Sign for My Card Transaction?

It depends. You will be required to do either of the two verification options, but this will depend on the verification option tied to the EMV card you are using and not whether you have a credit or debit card. If you enter a PIN, the payment terminal connects to the payment processor in real-time for the verification and approval of transactions. If the terminal does not accept a pin, transaction verification/confirmation will come down to the signature.

If Fraud Happens After EMV Cards Are Issued Who Is Liable for the Costs?

If a face-to-face transaction is done using a stolen, counterfeit, or otherwise compromised card, the losses to the consumer from such transactions will fall back on the issuing bank or payment processor, depending on the terms and conditions for the card. The liability for card-present fraud has shifted to the party that’s least EMV compliant in fraudulent transactions since October 1st 2015, which is the deadline set by the major credit card issuers i.e. MasterCard, Visa, American Express, and Discover.

Is the Transition to EMV Technology Complete?

As of 2018, not quite. While the deadline was a strong motivator for the payment processing parties to become EMV-compliant, not all parties have transitioned. EMV debit cards have rolled out at a slower pace compared to EMV debit cards whose rollout is steadily progressing. Overall, about 70 percent of both credit and debit cards have been converted to EMV chip technology. Different companies use different rollout strategies, which explains why the transition is still not yet complete.

If I Want to Use MY EMV Card at a Retailer That Doesn’t Support the Technology Yet, Will It Work?

Yes. The first EMV cards will come equipped with both magnetic-stripe and chip functions to allow merchants to adjust and avoid disrupting consumer spending. If the retailer does not have EMV card readers, the EMV card can still be read with a swipe, just like with a traditional magnetic-stripe card.

Will I Be Able to Use My EMV Card When I Travel Outside the Country?

It depends. The United States is the last major market that still uses the magnetic-stripe card system. A vast majority of European countries migrated to EMV chip technology years ago to deal with the issue of fraud. The shift has left many U.S. consumers with magnetic-stripe cards looking for alternative payment options when they travel such as international prepaid cards.

Foreign merchants are often wary of magnetic-stripe cards, so consumers that have some type of chip card will encounter fewer problems than those without one. However, EMV-PIN cards are the norm in countries that support EMV, which means that consumers with EMV-signature cards may encounter some merchants who are either unable or unwilling to process the card even with the embedded chip.

Differences & Benefits of EMV

The two key benefits associated with moving to EMV technology are enhanced security and the possibility for finer control over “offline” credit card transaction approvals. EMV cards enhance security against fraud compared to magnetic-stripe cards that rely on the signature of the holder and a visual inspection to check for security features such as a hologram. The use of a PIN provides authentication of the card to the processing terminal as well as the issuer’s host system.

Previously, customers handed over their cards to sales clerk to pay for transactions. Mechanical portable card imprinters that used carbon paper to make imprints were originally used when credit cards were first introduced. The devices didn’t communicate with the issuer electronically and cards never left the customer’s sight. Magnetic-stripe cards were then introduced and the card issuer could be contacted electronically to authorize the transaction. However, this too had its faults and limitations.

EMV cards were eventually introduced and they brought with them another layer of security. It is no longer feasible to clone an EMV card since only the magnetic stripe can be copied and it is impossible to use a copied card on a terminal that requires a PIN. EMV chip technology can thus be used to reduce the risks associated with unauthorized card-cloning and swiping.

Online, Phone & Mail Order Transactions Using EMV

EMV technology might have reduced fraud in face-to-face transactions, but it doesn’t mean they have disappeared completely. Today, fraud has migrated to the Internet, telephone, and mail order transactions, which are more vulnerable. In fact, such transactions account for up to 50 percent of all credit card fraud today. Due to the physical distances involved, it is not possible for merchants to present customers with keypads, so various alternatives have been introduced.

List of EMV Documents and Standards

The first EMV standard was introduced as EMV 2.0 back in 1995. In 1996, it was upgraded to EMV 3.0 and in 1998, later amendments were made and it became known as EMV 3.1.1. The standard was further amended in December 2000 to EMV 4.0, which became effective in June 2004. EMV 4.1 became effective in June 2007, EMV 4.2 became effective in June 2008, and EMV 4.3 became effective in November 2011.

Since EMV 4.0 was introduced, the official standard document defining all components of an EMV payment system are published as 4 “books” and some additional documentation. Book 1 is about Application Independent to ICC to Terminal Interface Requirement, Book 2 is about Security and Key Management, Book 3 is about Application Specification, and Book 4 is about Cardholder, Attendant, & Acquirer Interface Requirements. The other documents are the EMV Card Personalization Specification and Common Payment Application Specification.

EMV Vulnerabilities

EMV technology is expected to reduce credit card fraud in the long-term. However, the risk for fraud still exists in the short-term. Not all retailers have the capacity to process EMV chip cards, which means that you will still have to swipe your card even though it has an embedded chip. Swipe transactions still carry the same risk of fraud. Criminals can also use stolen credit cards.

Online transactions still carry the same level of risk of fraud. Hackers can still get better at phishing by tricking consumers into giving up their credit card details by disguising themselves as a trusted business or person. Criminals can even breach businesses that have your credit card number on file for recurring subscriptions or one-click shopping. This is why you need to practice safe habits when shopping online.

Why Are Countries Transitioning to EMV?

Issuers of credit and debit cards including merchants and banks are migrating to EMV chip technology to enhance security and decrease the card-present fraud that results from lost, counterfeit, and stolen cards.

What is the Proven Impact of EMV Adoption on Payment Card Fraud?

The countries that have migrated to EMV technology have reported a reduction in the incidences of card fraud. Countries such as the U.K. and Canada have reported a significant reduction in the incidence of fraud. However, while card-present fraud cases have reduced, other kinds of fraud have increased including ATM fraud and Card-Not-Present fraud. This reality means that there should be a layered approach to security even with EMV technology being used to address various security vulnerabilities.

How Does Card Authentication Work With EMV?

Card authentication helps protect the system against counterfeit cards. The EMV specifications as well as the associated payment network chip specifications define the card authentication methods. Authentication may happen either online, offline, or both.

How Are Cardholders Verified With EMV?

Cardholder verification is used to authenticate the cardholder. The 4 CVMs supported by EMV are online PIN, offline PIN, signature verification, and No CVM. Depending on issuer preference and payment network rules, EMV cards are personalized with one or more CVMs to ensure acceptability in as many locations as possible.

How Are Transactions Authorized with EMV?

EMV transactions are authorized either offline or online. For online transactions, the transaction details are sent to the issuer and are either declined or authorized in real time. For offline transactions, the terminal and card communicate issuer-defined risk parameters set in the card to determine whether transactions can be authorized. Offline transactions are primarily used if terminals don’t have online connectivity or countries with high telecommunication costs.

What Makes EMV Cards Safer?

EMV cards have an embedded computer chip that creates a unique code for every transaction. Once a code is used, it can never be used again. If a hacker were to get access to the code and attempted to use the data to make credit card purchases, the transaction would be declined. EMV technology makes it close to impossible to create and use counterfeit cards as long as you use EMV at checkout always.

Not All Merchants Have the Equipment Yet

The large retailers have migrated to EMV technology partly because they have the resources to do so. The larger retailers also stand to lose a lot of money in case of credit card fraud due to lack of EMV compliance. However, smaller businesses who may be unaware of the costs and risks if fraud may be slower when it comes to implementing the technology. Unfortunately, failure to implement EMV could be devastating for small businesses since a data breach may put a small business out of business completely.

The New Rules of Credit Card Fraud

October 1st, 2015 was the deadline set for the EMV switchover. Retailers who don’t accept EMV payments from this date may be liable for losses associated with credit card fraud. Prior to this date, credit card companies were liable for any fraudulent purchases involving lost, counterfeit, or stolen credit cards.

Credit card companies are still willing to accept liability for counterfeit fraud if the merchant accepts EMV payments. This is true even if the merchant accepts both magnetic stripe payments and EMV payments and the magnetic stripe payments are found to be fraudulent.

Simply put, credit card companies believe that EMV technology is sufficiently secure that they are willing to be liable for its risk which is more limited.

Why GAM Payment?

GAM Payment makes it easy for you to manage your payments and will help you keep up with the changes in customer preferences and technology. We are leaders when it comes to payment processing and you can rely on us to provide streamlined payment processing services designed to match the needs of your business.

We make it is easy for your business to process payments by offering the products, services, and expertise to help you make the most of the payment technology options available today. We will help make you EMV-compliant and ensure that you don’t suffer massive losses due to fraud. Try our service today and see the difference it makes in your business.